The Digital Security and Resilience (DSR) team is looking for a seasoned Security Engineer to work as a Cyber Hunt Analyst in the Cyber Defense Operations Center (CDOC). As part of this dynamic and high-impact team - you will have the opportunity to seek out adversary tactics, techniques, and procedures (TTP) in our environment using advanced security technologies combined with your own creative hunting methodologies.

In this role, you will focus on developing and executing threat hunting operations to discover adversary activities that are not detected through traditional detection capabilities.  You will be able to leverage first class security partners and threat intelligence teams to derive and hunt on known indicators of compromise, as well as developing strategies for discovering new techniques used by adversaries.

For greatest impact, you will develop and automate your hunt methodologies and findings to operationalize the capability across the Security Operations Center (SOC).  Extending beyond the traditional blue team role, you will engage with Red teams and participate in Purple team exercises that will build your perspective of the adversarial mindset as well as identifying new techniques.  Finally, you will play a critical role in the continuous monitoring and response to major Incidents affecting the enterprise. 

#DSR

Responsibilities

• Monitoring for security threats working within Microsoft SOC (security operations center)
• Event analysis, attack identification, investigation and correlation, and implementation of mitigation measures
• Investigation of potential attacks and potentially compromised systems
• Leading or participating in the incident response process
• Provide recommendations and implement changes to optimize our detection capabilities
• Contribute technical and process improvements within the team

Qualifications

• 5+ years of work experience, with a minimum of 3 years of experience in SOC.
• Hands on experience with incident analysis.
• Understanding of Windows internals.
• Understanding of various attack methods, vulnerabilities, exploits, malware.
• Good Understanding of SIEM Console.
• Good understanding of networking and network security technologies (IDS, Firewall).
• Social engineering - given that humans are the weakest link in the security chain, an analyst's expertise can help with awareness training
• Security assessments of network infrastructure, hosts and applications - another element of risk management
• Forensics - investigation and analysis of how and why a breach or other compromise occurred
• Troubleshooting - the skill to recognize the cause of a problem
• DLP, AV and anti-malware - an understanding of the tools used to protect the organization
• TCP/IP, Firewall, computer networking, routing and switching - an understanding of the fundamentals: the language, protocol and functioning of the internet
• Excellent written and oral communication skills.
• Scripting knowledge in PowerShell, Python, general batch/shell scripting.
• Security certifications such as CISSP, SANS.
• Bachelor Degree in Computer Science, Information Technology or a related field.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.